OpenCloudOS-Kernel/drivers
Dmitry Antipov 1b8178a2ae wifi: rtw88: always wait for both firmware loading attempts
[ Upstream commit 0e735a4c6137262bcefe45bb52fde7b1f5fc6c4d ]

In 'rtw_wait_firmware_completion()', always wait for both (regular and
wowlan) firmware loading attempts. Otherwise if 'rtw_usb_intf_init()'
has failed in 'rtw_usb_probe()', 'rtw_usb_disconnect()' may issue
'ieee80211_free_hw()' when one of 'rtw_load_firmware_cb()' (usually
the wowlan one) is still in progress, causing UAF detected by KASAN.

Fixes: c8e5695eae ("rtw88: load wowlan firmware if wowlan is supported")
Reported-by: syzbot+6c6c08700f9480c41fe3@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=6c6c08700f9480c41fe3
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/20240726114657.25396-1-dmantipov@yandex.ru
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-10-04 16:28:49 +02:00
accel accel: Use XArray instead of IDR for minors 2024-09-30 16:25:13 +02:00
accessibility speakup: Fix sizeof() vs ARRAY_SIZE() bug 2024-06-12 11:11:18 +02:00
acpi ACPI: processor: Fix memory leaks in error paths of processor_add() 2024-09-12 11:11:42 +02:00
amba
android binder: fix UAF caused by offsets overwrite 2024-09-12 11:11:41 +02:00
ata ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf 2024-09-12 11:11:43 +02:00
atm atm: idt77252: prevent use after free in dequeue_rx() 2024-08-29 17:33:18 +02:00
auxdisplay auxdisplay: ht16k33: Drop reference after LED registration 2024-08-03 08:54:39 +02:00
base regmap: maple: work around gcc-14.1 false-positive warning 2024-09-12 11:11:38 +02:00
bcma
block ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() 2024-09-12 11:11:45 +02:00
bluetooth Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush() 2024-09-12 11:11:38 +02:00
bus bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state 2024-04-13 13:07:38 +02:00
cache
cdrom cdrom: rearrange last_media_change check to avoid unintentional overflow 2024-07-11 12:49:10 +02:00
cdx
char char: xillybus: Check USB endpoints when probing device 2024-08-29 17:33:11 +02:00
clk clk: qcom: gcc-sm8550: Don't park the USB RCG at registration time 2024-09-12 11:11:44 +02:00
clocksource clocksource/drivers/timer-of: Remove percpu irq related code 2024-09-12 11:11:42 +02:00
comedi comedi: vmk80xx: fix incomplete endpoint checking 2024-04-27 17:11:39 +02:00
connector
counter counter: ti-eqep: enable clock at probe 2024-07-05 09:33:56 +02:00
cpufreq cpufreq: amd-pstate: fix the highest frequency issue which limits performance 2024-09-12 11:11:40 +02:00
cpuidle cpuidle: Avoid potential overflow in integer multiplication 2024-04-13 13:07:29 +02:00
crypto crypto: starfive - Fix nent assignment in rsa dec 2024-09-12 11:11:43 +02:00
cxl cxl/core: Fix incorrect vendor debug UUID define 2024-09-18 19:24:07 +02:00
dax
dca
devfreq
dio
dma dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor 2024-09-08 07:54:46 +02:00
dma-buf dma-buf: heaps: Fix off-by-one in CMA heap fault handler 2024-09-18 19:24:09 +02:00
edac EDAC/synopsys: Fix error injection on Zynq UltraScale+ 2024-10-04 16:28:49 +02:00
eisa
extcon extcon: max8997: select IRQ_DOMAIN instead of depending on it 2024-06-12 11:12:27 +02:00
firewire firewire: ohci: fulfill timestamp for some local asynchronous transaction 2024-05-17 12:02:30 +02:00
firmware firmware: cs_dsp: Don't allow writes to read-only controls 2024-09-12 11:11:35 +02:00
fpga fpga: region: add owner module and take its refcount 2024-06-12 11:12:23 +02:00
fsi
gnss
gpio gpiolib: cdev: Ignore reconfiguration without direction 2024-09-30 16:25:14 +02:00
gpu drm: Expand max DRM device number to full MINORBITS 2024-09-30 16:25:13 +02:00
greybus greybus: Fix use-after-free bug in gb_interface_release due to race condition. 2024-06-21 14:38:48 +02:00
hid HID: multitouch: Add support for GT7868Q 2024-09-18 19:24:05 +02:00
hsi
hte
hv Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic 2024-09-12 11:11:41 +02:00
hwmon hwmon: (asus-ec-sensors) remove VRM temp X570-E GAMING 2024-09-30 16:25:08 +02:00
hwspinlock hwspinlock: Introduce hwspin_lock_bust() 2024-09-08 07:54:43 +02:00
hwtracing coresight: Fix ref leak when of_coresight_parse_endpoint() fails 2024-08-03 08:53:57 +02:00
i2c i2c: stm32f7: Add atomic_xfer method to driver 2024-08-29 17:33:42 +02:00
i3c i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup 2024-09-12 11:11:38 +02:00
idle
iio iio: adc: ad7124: fix DT configuration parsing 2024-09-18 19:24:04 +02:00
infiniband IB/mlx5: Rename 400G_8X speed to comply to naming convention 2024-09-18 19:24:08 +02:00
input Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table 2024-09-18 19:24:06 +02:00
interconnect interconnect: qcom: qcm2290: Fix mas_snoc_bimc RPM master ID 2024-08-03 08:53:58 +02:00
iommu iommu/vt-d: Handle volatile descriptor status read 2024-09-12 11:11:35 +02:00
ipack
irqchip irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 2024-09-12 11:11:29 +02:00
isdn mISDN: fix MISDN_TIME_STAMP handling 2024-08-19 06:04:28 +02:00
leds leds: spi-byte: Call of_node_put() on error path 2024-09-12 11:11:30 +02:00
macintosh macintosh/therm_windtunnel: fix module unload. 2024-08-03 08:54:02 +02:00
mailbox
mcb
md dm-integrity: fix a race condition when accessing recalc_sector 2024-09-18 19:24:07 +02:00
media media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse 2024-09-12 11:11:31 +02:00
memory memory: stm32-fmc2-ebi: check regmap_read return value 2024-08-29 17:33:36 +02:00
memstick
message
mfd mfd: omap-usb-tll: Use struct_size to allocate tll 2024-08-03 08:53:54 +02:00
misc eeprom: digsy_mtc: Fix 93xx46 driver probe failure 2024-09-18 19:24:07 +02:00
mmc mmc: cqhci: Fix checking of CQHCI_HALT state 2024-09-12 11:11:26 +02:00
most
mtd ubi: eba: properly rollback inside self_check_eba 2024-08-03 08:54:23 +02:00
mux
net wifi: rtw88: always wait for both firmware loading attempts 2024-10-04 16:28:49 +02:00
nfc nfc: pn533: Add poll mod list filling check 2024-09-04 13:28:28 +02:00
ntb
nubus
nvdimm
nvme nvme-pci: qdepth 1 quirk 2024-09-30 16:25:14 +02:00
nvmem nvmem: u-boot-env: error if NVMEM device is too small 2024-09-18 19:24:04 +02:00
of of/irq: Prevent device address out-of-bounds read in interrupt map walk 2024-09-12 11:11:39 +02:00
opp OPP: ti: Fix ti_opp_supply_probe wrong return values 2024-08-03 08:53:27 +02:00
parisc Revert "change alloc_pages name in dma_map_ops to avoid name conflicts" 2024-09-04 13:28:24 +02:00
parport dev/parport: fix the array out-of-bounds risk 2024-08-03 08:54:22 +02:00
pci PCI: Add missing bridge lock to pci_bus_lock() 2024-09-12 11:11:38 +02:00
pcmcia pcmcia: Use resource_size function on resource object 2024-09-12 11:11:31 +02:00
peci
perf perf: riscv: Fix selecting counters in legacy mode 2024-08-11 12:47:23 +02:00
phy phy: zynqmp: Take the phy mutex in xlate 2024-09-12 11:11:35 +02:00
pinctrl pinctrl: at91: make it work with current gpiolib 2024-09-30 16:25:08 +02:00
platform platform/x86: x86-android-tablets: Make Lenovo Yoga Tab 3 X90F DMI match less strict 2024-09-30 16:25:09 +02:00
pmdomain pmdomain: imx: wait SSAR when i.MX93 power domain on 2024-08-29 17:33:54 +02:00
pnp
power soc: qcom: pmic_glink: Fix race during initialization 2024-09-04 13:28:28 +02:00
powercap powercap/intel_rapl: Add support for AMD family 1Ah 2024-09-30 16:25:13 +02:00
pps
ps3
ptp ptp: fix integer overflow in max_vclocks_store 2024-06-27 13:49:07 +02:00
pwm pwm: atmel-tcb: Fix race condition and convert to guards 2024-08-03 08:53:23 +02:00
rapidio
ras
regulator regulator: bd71815: fix ramp values 2024-06-27 13:49:09 +02:00
remoteproc remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init 2024-08-03 08:54:31 +02:00
reset
rpmsg
rtc rtc: nct3018y: fix possible NULL dereference 2024-08-29 17:33:39 +02:00
s390 Revert "s390/dasd: Establish DMA alignment" 2024-08-29 17:33:59 +02:00
sbus
scsi scsi: lpfc: Fix overflow build issue 2024-09-30 16:25:08 +02:00
sh
siox
slimbus slimbus: qcom-ngd-ctrl: Add timeout for wait operation 2024-05-17 12:02:33 +02:00
soc soc: qcom: smem: Add qcom_smem_bust_hwspin_lock_by_host() 2024-09-08 07:54:43 +02:00
soundwire soundwire: stream: Revert "soundwire: stream: fix programming slave ports for non-continous port maps" 2024-09-18 19:24:09 +02:00
spi spi: spidev: Add missing spi_device_id for jg10309-01 2024-09-30 16:25:12 +02:00
spmi spmi: hisi-spmi-controller: Do not override device identifier 2024-06-21 14:38:40 +02:00
ssb ssb: Fix division by zero issue in ssb_calc_clock_rate 2024-08-29 17:33:22 +02:00
staging minmax: reduce min/max macro expansion in atomisp driver 2024-09-18 19:24:07 +02:00
target scsi: target: Fix SELinux error when systemd-modules loads the target module 2024-05-17 12:02:15 +02:00
tc
tee tee: optee: ffa: Fix missing-field-initializers warning 2024-07-25 09:50:53 +02:00
thermal thermal: of: Fix OF node leak in of_thermal_zone_find() error paths 2024-09-04 13:28:22 +02:00
thunderbolt thunderbolt: Mark XDomain as unplugged when router is removed 2024-08-29 17:33:12 +02:00
tty tty: atmel_serial: use the correct RTS flag. 2024-08-29 17:33:10 +02:00
ufs scsi: ufs: core: Remove SCSI host only if added 2024-09-12 11:11:36 +02:00
uio Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic 2024-09-12 11:11:41 +02:00
usb USB: usbtmc: prevent kernel-usb-infoleak 2024-09-30 16:25:15 +02:00
vdpa vduse: Temporarily fail if control queue feature requested 2024-07-05 09:33:50 +02:00
vfio vfio/spapr: Always clear TCEs before unsetting the window 2024-09-12 11:11:31 +02:00
vhost vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler 2024-08-14 13:58:55 +02:00
video fbdev: vesafb: Detect VGA compatibility from screen info's VESA attributes 2024-08-11 12:47:16 +02:00
virt drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() 2024-06-12 11:12:09 +02:00
virtio virtio_ring: fix KMSAN error for premapped mode 2024-09-12 11:11:36 +02:00
vlynq
w1 nvmem: add explicit config option to read old syntax fixed OF cells 2024-05-17 12:01:55 +02:00
watchdog watchdog: rzg2l_wdt: Check return status of pm_runtime_put() 2024-08-03 08:54:35 +02:00
xen xen: privcmd: Fix possible access to a freed kirqfd instance 2024-09-12 11:11:35 +02:00
zorro
Kconfig
Makefile